Back to search
CVE-2010-4577
Published: Dec 22, 2010
Modified: Jan 21, 2025
PUBLISHED
Description
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2011-0121
vendor-advisory
x_refsource_FEDORA
42648
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=667025
x_refsource_CONFIRM
ADV-2011-0216
vdb-entry
x_refsource_VUPEN
https://bugs.webkit.org/show_bug.cgi?id=49883
x_refsource_MISC
oval:org.mitre.oval:def:13953
vdb-entry
signature
x_refsource_OVAL
43086
third-party-advisory
x_refsource_SECUNIA
http://code.google.com/p/chromium/issues/detail?id=63866
x_refsource_CONFIRM
RHSA-2011:0177
vendor-advisory
x_refsource_REDHAT
http://trac.webkit.org/changeset/72685
x_refsource_MISC
DSA-2188
vendor-advisory
x_refsource_DEBIAN
GLSA-201012-01
vendor-advisory
x_refsource_GENTOO
45722
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now